CLAIMS 



What is claimed is: 

1. V Apparatus for ensuring the integrity of computer applications to be run in association 
with a computer having data storage arranged sectorwise in a storage device, comprising 

an identifier for identifying an application to be run, 

a listing associated with at least one of said applications to be run, said listing identifying 
different sectors ofWd storage device and associating with each identified sector an access level 
required by said applic^ion, and 

an enforcement device, for prohibiting said at least one application from accessing an 
identified sector of said stor^e device at any level higher than said associated required access level. 

\ K 

2. Apparatus for ensuring the integrity of computer applications to be run in association 
with a computer having data storage\arranged sectorwise in a storage device, comprising 

an identifier for identifyingVan application to be run, 

a listing associated with at leas^ one of said applications to be run, said listing identifying 
different sectors of said storage device and associating with each identified sector an access level, 

an enforcement device, for preventing said at least one application from accessing an 
identified sector of said storage device at any levd^igher than said associated access level, and 

a query device, for identifying when an attempt to access a sector of said storage device 
has been prevented by said enforcement device, querying said attempt with said user, and if found 
acceptable then including said higher level of access in said^listing. 

3. Apparatus for ensuring the integrity of computer applications to be run in association 
with a computer having data storage arranged sectorwise in a storage.device, comprising 

\ 

an identifier for identifying an application to be run, 
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a listing^ssociSted with at least one of said applications to be run, said listing identifying 
different sectors of said storage device and associating with each identified sector an access level, 

an enforcement device, for preventing said at least one application from accessing an 
identified sector of said storage device at any level higher than said associated access level, and 

a query device\ for identifying when an attempt to access a sector of said storage device 
has been prevented by saia enforcement device, querying said attempt against a predetermined 
configuration, and if found acceptable then including said higher level of access in said listing. 



f 



3 



4. Apparatus according, to claim 2 wherein said query device continues to query such 

attempts for the duration of onepf a predetermined time period and a predetermined number of 
access attempts. 

'5. Apparatus according to ckim 3 wherefi? said query device continues to query such 

attempts for the duration of one of a predetermined time period and a predetermined number of 




access attempts. 



"6. 6 



Apparatus according to claim 2\ wherein said query device continues to query such 



^ attempts until the next occasion upon which said computer is reset. 

7. Apparatus according to claim 3 wherein said query device continues to query such 

attempts until the next occasion upon which said computer is reset. 



8. Apparatus for ensuring the integrity of comp^ter applications to be run in association 

with a computer having data storage arranged sectorwise in a\torage device, comprising 
an identifier for identify ing at least one application tcrbe run. 
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saidkt least application being adapted to call at least one other application to run, 
a listing associated with at least one of said applications to be run, said listing identifying 

different sectors of said storage device and associating with each identified sector an access level 

required by said application, 

an enforcement device, for prohibiting said at least one application from accessing an 

identified sector of said forage device at any level higher than said associated required access level, 

and 

wherein said identifier is adapted firstly to identify a listing associated with said at least 
one other application for use With said enforcement device, and if such a listing cannot be found then 
identifying a listing associated with said at least one application for use with said enforcement device. 



9. A computer connecte^ to a network, said computer comprising a storage device for 

storing data, a transmission device for sending data from said computer to said network, a listing of 
controlled data which should not be^sent to said network, a comparison device adapted to compare 
data sent to said transmission device with said controlled data, and a prevention device for 
preventing data corresponding to said controlled data being sent automatically to said network. 



10. Apparatus according to claim 1 fijrther compj^sing override means adapted to allow an 
operator to override said enforcement means. 

1 1. Apparatus according to claim 8 further comprising override means adapted to allow an 

12. Apparatus according to claim 9 further comprising override means adapted to allow an 
operator to override said prevention means. 
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13. Apparatus for ensuring the integrity of computer applications to be run in association 

with a computer having data storage arranged sectorwise in a storage device, comprising 
an identifier for identifying at least one application to be run, 

said at least one application being adapted to call at least one other application to run, 
a listing associated with at least one of said applications to be run, said listing identifying 

different sectors of said storage device and associating with each identified sector an access level 

required by said application, 

an enforcement device, foi* prohibiting said at least one application fi-om accessing an 

identified sector of said storage device jat any level higher th^ said associated required access level, 

and 

a query device, for identifying when an attempt (^o abcess a sector of said storage device 
has been prevented by said enforcement device, querying said attempt v^th a user, and if found 
acceptable then including said higher level^f access in said listing, 

wherein said identifier is adapted firstly to identify a listing associated with said at least 
one other application for use with said enforcement device, and if such a listing cannot be found then 
identifying a listing associated with said at least one application for use with said enforcement device. 



14. Apparatus for ensuring the integrity of computer applications to be run in association 

with a computer having data storage arranged sectorwise in a storage device, comprising 
an identifier for identifying at least one application to be run, 

said at least one application being adapted to call at least one other application to run, 
a listing associated with at least one of said applications to be run, said listing identifying 



different sectors of said storage device and associating with each identified sector an access level 
required by said application, 
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an enforcement device, for prohibiting said at least one application from accessing an 
identified sector of said storage dej/ice at any level higher than said associated required access level, 
and 

a query device, for identifying when an attempt to access a sector of said storage device 
has been prevented by said enforcement device, querying said attempt against a predetermined 
configuration, , and if found acceptable then including said higher level of access in said listing, 

wherein said identifier is adapted firstly to identify a listing associated with said at least 
one other application for use with said enforcement device, and if such a listing cannot be found then 
identifying a listing associated with said at least one application for use with said enforcement device. 
15. A computer connected to a\ network, said computer comprising a storage device for 

storing data sectorwise, a transmission device for senj^i^g data from said computer to said network, 
a listing of controlled data which should not be sent to\sai^,^jietwork, a comparison device adapted to 
compare data sent to said transmission devi\^ with sail^ controlled data, and a prevention device for 
preventing data corresponding to said controlled data being sent automatically to said network, said 
computer fijrther comprising 

an identifier for identifying an application to be run, 

a listing associated with at least one o^said applications to be run, said listing identifying 
different sectors of said storage device and associating with each identified sector an access level 
required by said application, and 

an enforcement device, for prohibiting said at least one application from accessing an 
identified sector of said storage device at any level higher than said associated required access level. 



16. A computer connected to a network, said computer comprising a storage device for 

storing data sectorwise, a transmission device for sending data from said computer to said network, 
a listing of controlled data which should not be sent to said network, a comparison device adapted to 



compare data sent to said transmission device with said controlled data, and a prevention device for 
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preventing data corresponaing to said controlled data being sent automatically to said network, said 
computer further comprising 

an identifier for identifying an application \o be run, 

a listing associated with at least one of said applications to be run, said listing identifying 
different sectors of said storage device and associating with each identified sector an access level, 

an enforcement device, for preventing said at least one application from accessing an 
identified sector of said storage device at anyllevel higher than said associated access level, and 

a query device, for identifying wn^n an attempt to access a sector of said storage device 
has been prevented by said enforcement device, querying said attempt with a user, and if found 
acceptable then including said higher level of aicess in said listing. 




17. A computer connected to a network, said compi|tef^6mprising a storage device for 

storing data sectorwise, a transmission device for^sending data from said computer to said network, 
a listing of controlled data which should not be sent to said network, a comparison device adapted to 
compare data sent to said transmission device with\said controlled data, and a prevention device for 
preventing data corresponding to said controlled data being sent automatically to said network, said 
computer further comprising an identifier for identifying at least one application to be run, 

said at least one application being adapted\^ call at least one other application to run, 
a listing associated with at least one of said applications to be run, said listing identifying 
different sectors of said storage device and associating \/ith each identified sector an access level 
required by said application, 

an enforcement device, for prohibiting said at iVast one application from accessing an 

\\ 

identified sector of said storage device at any level higher than said associated required access level, 
and wherein said identifier is adapted firstly to identify a listing associated with said at least one other 
application for use with said enforcement device, and if sucK a'' listing cannot be found then 



idenrif>'ing a listing associated wirh said at least one application for use^ wich said enforcement device. 
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18. A computer connected to a network, said computer comprising a storage device for 

storing data sectorwise, a transmission device for sending data from said computer to said network, 
a listing of controlled data which should not be sent to said network, a comparison device adapted to 
compare data sent to said transmission device with said controlled data, and a prevention device for 
preventing data corresponding to saidjcontrolled data being sent automatically to said network, said 
computer further comprising 

an identifier for identifying at least one application to be run, 

said at least one application Ibeing adapted to call at least one other application to run, 
a listing associated with at le^t one of said applications to be run, said listing identifying 
different sectors of said storage device and associating|\with each identified sector an access level 
required by said application, 

an enforcement device, for prohibiting saidl at least one application from accessing an 




identified sector of said storage device at an\ level higher than said associated required access level, 
and 

a query device, for identifying wheii^n attempt to access a sector of said storage device 
has been prevented by said enforcement device, querying said attempt against a predetermined 
configuration, and if found acceptable then including said higher level of access in said listing, 

wherein said identifier is adapted firstI>\o identify a listing associated with said at least 
one other application for use with said enforcement d^ice, and if such a listing cannot be found then 
identifying a listing associated with said at least one application for use with said enforcement device. 




